Security weaknesses cool China QR code use

Not all Japanese IT journalists are gaga over QR codes. Takefumi Makino writes on ASCII that QR codes really don’t make much business sense given that Japan already has a massive NFC/FeliCa contactless payment infrastructure in place. It’s so massive that QR payment players Line Pay and PayPay have said they are considering FeliCa cards for their respective payment networks. It’s all about accessing the mature population segment (60 and above) who hold the family purse strings but don’t like using smartphones and apps to pay for things, but they will use plastic.

As Makino san points out, the most attractive aspect of QR is the low cost that cleverly leverages the existing mobile and internet/cloud infrastructure: any store owner with a smartphone can offer contactless payments. Throw in lots of reward point goodies and you have a nice payment platform lock-in. In countries without a long history of credit card use like China and India, low overhead QR codes are an attractive ‘launchpad’ to bigger, better things. But there are well known QR code security weak points.

In China ‘static’ QR codes used for paying parking ticket fines quickly became a scam problem. QR players migrated to one time use/one minute window ‘dynamic’ QR codes, but even those codes have been hijacked from customers waiting in line with smartphone out and QR code ready:

The latest trend in China is paying for things ‘in-app’ or using face recognition technology, both of which have nothing to do QR. Makino san argues that QR is really just a convenient startup technology for contactless payment systems that migrate to better and more secure technologies. I think it is a valid point. Competing payment system technologies like FeliCa/Suica will soon leverage mobile and cloud infrastructure that could eliminate the QR cost advantage. It will be fascinating to see how the QR payment startups in Japan pan out over time.